Which prompts the question: what qualities are required of corporate IT security managers? To begin with, given that we are talking about a constantly changing environment, they must be up to speed regarding the many threats to their systems and the tools potential attackers could use, along with the skills needed to understand these threats and deal with them. As things stand, the sad truth is that the majority of security managers lack even the essential skills required for the job.

But like all jobs, in addition to some essential requirements, there are other “desirable” skills, the border between which tends to be blurred. Here we have a series of criteria that have more to do with psychology than technology, but as good security experts know, they can be essential: besides the much discussed social engineering, we should mention a fundamental characteristic, called empathy. Empathy is defined as “the ability to perceive, share and/or infer the feelings, thoughts and emotions of others,” and in an area like cyber security, it is completely fundamental.

Regarding a cybersecurity officer as someone who merely dictates rules and uses certain tools is far from helpful. Knowing the people whose activity you have to supervise is fundamental and can prevent tensions and misunderstandings: the reality is that in most companies there are people who are completely ignorant in this area working alongside others who are reasonably well informed. As the head of IT, if you believe that your work is measured solely by the absence of intrusions or security problems, you are wrong: every time somebody in your organization finds themselves in a situation where they cannot access information that is essential for their work, you have done something wrong. The idea that your job is simply to prevent security breaches is simplistic, because that can be done simply by shutting the system down.

There are many aspects to cybersecurity. If you prefer to force your employees to memorize increasingly long and complex passwords and force them to change them every three months, instead of teaching them how to use a password manager, you’ll find that they simply write them down on a post-it and stick them in the place where they usually need them. If you implement a two-factor system and do not properly train people in its use, you will create situations bordering on the ridiculous. If you do not consider the impact of changing the usual practices of the people who work with you, you may leave some people without access, leading to disruption or loss of productivity.

Cybersecurity is much more than simply preventing someone from accessing areas where they shouldn’t be: it is also extremely important that people who need access can do so without having to stand on one leg while reciting the alphabet backwards. If you run a company, and in an exceptional situation like the present one, you find yourself faced with a wave of protests from the workforce claiming that your security protocols are preventing them from doing their job normally, you probably have the wrong security manager.

This article was written by Enrique Dans from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.
